Vanta State of Trust Report 2024: increasing risks require going beyond the standard

Vanta, the trust management platform, has released its annual State of Trust Report 2024, an in-depth analysis uncovering global trends in security, compliance and trust.

A majority (54%) of UK organisations say the security risks for their business have never been higher, yet the average company only dedicates 11% of its IT budget to security – far from the ideal allocation of 17%, according to British business and IT leaders. The rapid adoption of AI only adds to the risks, with phishing attacks (35%), AI-based malware (34%) and compliance violations (27%) increasing since AI adoption became far more prevalent in the last year.

While AI is becoming more mainstream, the way companies approach training their AI models and communicating their practices to customers is nascent and varies widely. Over 1 in 4 (30%) use only anonymised customer data while just over one-third of organisations (37%) use a mix of customer and synthetic data. And while 29% of organisations require customer opt-in to use their data for AI training, 74% of companies don’t offer an opt-out option.

Conducted by Sapio Research on behalf of Vanta, the State of Trust Report 2024 surveyed the behaviours and attitudes of 2,500 business and IT leaders across the US, UK and Australia, to uncover the latest trends shaping security and compliance.

Increasing risks intensify the compliance burden

With a growing reliance on third-party vendors and AI in business today, the security landscape has never been more challenging. At the same time, security leaders and their teams face an increasing compliance burden. In the UK, time spent on manual security compliance tasks increased to over 12 weeks in 2024, up from 10 weeks in 2023. Additionally:

  • Nearly two-thirds (69%) of UK organisations say that customers, investors and suppliers require more demonstration of compliance than before
  • IT decision makers spend an average of 7 hours per week assessing and reviewing vendor risk
  • 1 in 2 (55%) organisations detect and respond to cybersecurity threats at least once a week
  • 44% of UK organisations say that a vendor of theirs has experienced a data breach since they started working with them
  • 63% agree that third-party breaches negatively impact their organisation’s reputation
  • Only 2 in 5 (43%) UK organisations have or are currently conducting regular AI risk assessments
  • A mere 42% have, or are in the process of, implementing a company AI policy

Despite all countries continuing to grapple with the unique set of security and compliance challenges, the survey findings illustrate the vast differences experienced across time zones:

  • 48% of US organisations have had a vendor experience a data breach since they started working with them – the highest of all markets surveyed
  • Organisations in the UK spend the most time on compliance tasks – 12 weeks a year versus 10 weeks in 2023
  • Companies in Australia have the least insight into vendor risk, with only 17% having “strong” visibility
  • US companies are most concerned about internal use of AI and the risks it poses for the security of the organisation (53%)
  • 55% of organisations in the UK have increased their investment in AI for security operations, 10% more than the US and 18% more than Australia
  • Only 28% of companies in Australia have, or are in the process of putting, a company AI policy in place – the lowest of all markets

Good security is good business

As the security expectations of customers grow, UK leaders recognise the business value of investing in building and demonstrating trust. Over half (53%) believe good security practices drive customer trust (up from 40% in 2023), while 47% recognise that good security practices lead to reduced financial risks.

When used in the right way, AI and automation can help security teams increase efficiency, free up time for strategic work and deliver more business impact. On average, UK security teams could save between 4 and 5 hours a week by automating activities like user access reviews, employee management and answering security questionnaires. Over half (51%) of UK organisations say that their investment in automation for security operations has increased over the past year.

“To uphold trust in an AI world, security leaders need to go beyond the standard way of doing things,” said Christina Cacioppo, CEO, Vanta. “They need to make trust continuous, collaborative and automated across their business. Trust management allows organisations to reduce risk, build customer confidence, and accelerate revenue growth.”
